[ale] Restricting users to sftp
Beddingfield, Allen
allen at ua.edu
Fri May 29 09:21:50 EDT 2015
I’ve since discovered that I can determine who gets chroot by using a group. I was under the impression that I was going to have to put a single entry in the ssh config for every user.
That makes this a better solution than I originally thought…. It still would be nice if someone picked up maintenance of rssh, though!
--
Allen Beddingfield
Systems Engineer
The University of Alabama
On 5/29/15, 4:20 AM, "ale-bounces at ale.org on behalf of DJ-Pfulio" <ale-bounces at ale.org on behalf of djpfulio at jdpfu.com> wrote:
>I thought it was just a setting in the sshd_config file?
>
>internal-sftp - seems to make chroot trivial.
>"Alternately the name “internal-sftp” implements an in-process
> “sftp” server. This may simplify configurations using
> ChrootDirectory to force a different filesystem root on clients."
>
>On 05/28/2015 10:29 AM, Jim Kinney wrote:
>> Ah. Read the mailing list threads. Not quite abandoned but pretty much
>> so.
>>
>> Maybe a Red Hat or SUSE team can pick it up as their commercial stuff
>> benefits from the security aspects of rssh.
>>
>> On Thu, 2015-05-28 at 14:09 +0000, Beddingfield, Allen wrote:
>>> For years now, we have been using RSSH to restrict users to sftp-only
>>> on our web servers.
>>> http://www.pizzashack.org/rssh/
>>> Unfortunately, this is pretty much an abandoned project, now.
>>> The way it works is that you just change the user’s shell to rssh, and
>>> sftp/scp is the only thing allowed. You can also set a umask in the
>>> rssh.conf file in /etc
>>> I’m looking for a way to do this without using RSSH. I see
>>> instructions for sftp-only/chroot for OpenSSH, but that seems a little
>>> much for what we are wanting to accomplish. My only goal is to
>>> prevent shell access – I don’t need the chroot setup.
>>> Any clever ideas?
>>> Thanks.
>>> Allen B.
>>> --
>>> Allen Beddingfield
>>> Systems Engineer
>>> The University of Alabama
>>>
>>>
>>> _______________________________________________
>>> Ale mailing list
>>> Ale at ale.org
>>> http://mail.ale.org/mailman/listinfo/ale
>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>> http://mail.ale.org/mailman/listinfo
>>
>
>
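
An added example, not written by anyone in the thread: an sshd_config fragment for the group-based, sftp-only setup discussed above, with chroot left optional. The group name `sftponly`, the umask `0027` and the path `/srv/sftp/%u` are assumptions chosen for illustration.

```conf
# /etc/ssh/sshd_config (fragment)
# Assumed for illustration: group "sftponly", umask 0027, path /srv/sftp/%u.

# Use the in-process SFTP server. This replaces any existing
# "Subsystem sftp" line that points at an external sftp-server binary.
Subsystem sftp internal-sftp

# A Match block applies until the next Match line or the end of the file,
# so keep it at the bottom of sshd_config.
Match Group sftponly
    # Whatever the client asks to run (login shell, remote command, legacy
    # scp) is replaced by the SFTP server. -u sets the umask applied to
    # newly created files and directories, covering what the umask setting
    # in rssh.conf was used for.
    ForceCommand internal-sftp -u 0027

    # ForceCommand by itself does not disable forwarding; turn it off.
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
    PermitTTY no

    # Optional chroot. Every component of the path must be a root-owned
    # directory that is not writable by group or others, otherwise sshd
    # rejects the session.
    #ChrootDirectory /srv/sftp/%u
```

Check the file with `sshd -t` before reloading the daemon. Users are then restricted by adding them to the group, with no per-user entry in the config.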